| 1826 | "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains |
Supply chain attack |
GitHub |
Matthew Bryant (@IAmMandatory) |
Bug Bounty | 2022-02-11 | 2023-06-13 |
| 1825 | A tale of 0-Click Account Takeover and 2FA Bypass. |
Account takeover
Password reset
MFA bypass |
NA |
Firas Fatnassi (@Fatnass1F1ras) |
Bug Bounty | 2022-02-12 | 2023-06-13 |
| 1824 | Broken Link Hijacking - Mr. User-Agent |
Broken link hijacking |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2022-02-13 | 2023-06-13 |
| 1823 | How i made 15k$ from Remote Code Execution Vulnerability |
Code injection
RCE
Self-XSS |
NA |
Abdulrahman Makki (@AMakki1337) |
Bug Bounty | 2022-02-13 | 2023-06-13 |
| 1822 | Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover |
AWS misconfiguration
Account takeover |
NA |
Preetham Bomma (@cyber01_) |
Bug Bounty | 2022-02-14 | 2023-06-13 |
| 1821 | My First Bounty and How I Got It |
Subdomain takeover |
NA |
Aneesha D (@interc3pt3r) |
Bug Bounty | 2022-02-14 | 2023-06-13 |
| 1820 | BigQuery SQL Injection Cheat Sheet |
SQL injection |
NA |
Ozgur Alp (@ozgur_bbh) |
Bug Bounty | 2022-02-14 | 2023-06-13 |
| 1814 | Hacked Dutch Government Website. All I got was this l̶o̶u̶s̶y̶ cool T-Shirt. |
Information disclosure |
Dutch Government |
Romesh chander |
Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1813 | My First Reflected XSS Bug Bounty — Google Dork — $xxx |
Reflected XSS |
NA |
Proviesec (@proviesec) |
Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1811 | How I earned $9000 with Privilege escalations |
Privilege escalation |
NA |
Junaid Khan (@JunoonBro) |
Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1810 | CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection |
SQL injection
Security code review |
Automattic (WooCommerce) |
Castilho (@castilho101) |
Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1808 | 403 forbidden bypass & Accessing config files using a header |
403 bypass
Authorization flaw |
NA |
vishnurajr |
Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1807 | Recon and YouTube, is that a thing? |
Subdomain takeover |
NA |
Marcos IAF / Rohit (@marcos_iaf) |
Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1802 | Passive Recon with Spyse (Part-II) |
Subdomain takeover
AWS misconfiguration |
NA |
remonsec (@remonsec) |
Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1801 | My Experience of Hacking Dutch Government |
- |
Dutch Government |
remonsec (@remonsec) |
Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1800 | CVE-2022-23835: A security analysis of Visual Voicemail |
Voicemail hacking |
AT&T
T-Mobile |
Chris Talbot |
Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1799 | Bypassing Cloudflare’s WAF! |
XSS
WAF bypass |
NA |
Friendly (@SkeletorKeys) |
Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1798 | Access Control Violation - Sensitive Data Exposure |
Directory listing |
NA |
Nick Berrie (@machevalia) |
Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1795 | XSS in hidden input field |
XSS |
NA |
Faizan Elahi |
Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1794 | What an injection into jQuery-selector can lead to |
CSRF |
NA |
Anton Subbotin (@ska_vans) |
Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1791 | OAuth and PostMessage - Chaining misconfigurations for your access token. |
OAuth
postMessage
Token leak |
NA |
Suraj Disoja (@ninetyn1ne_) |
Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1789 | Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing |
Android
Bruteforce
Authentication bypass |
NA |
Omar Espino (@omespino) |
Bug Bounty | 2022-02-22 | 2023-06-13 |
| 1788 | CVE-2021-45467: CWP CentOS Web Panel – preauth RCE |
RCE
LFI
Arbitrary file write |
Centos Web Panel (CWP) |
Paulos Yibelo (@PaulosYibelo) |
Bug Bounty | 2022-01-22 | 2023-06-13 |
| 1786 | How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt? |
SQL injection |
Dutch Government |
Göktuğ Kaya (@g0ktugkaya) |
Bug Bounty | 2022-02-24 | 2023-06-13 |
| 1785 | Piercing the Cloud Armor - The 8KB bypass in Google Cloud Platform WAF |
WAF bypass |
Google |
Kloudle (@Kloudleinc) |
Bug Bounty | 2022-02-24 | 2023-06-13 |
